mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Mahler (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-7401) Optionally reject messages when UPIDs does not match IP.
Date Thu, 27 Apr 2017 00:38:04 GMT

     [ https://issues.apache.org/jira/browse/MESOS-7401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Benjamin Mahler updated MESOS-7401:
-----------------------------------
    Summary: Optionally reject messages when UPIDs does not match IP.  (was: Optionally pin
UPIDs to their IP address.)

> Optionally reject messages when UPIDs does not match IP.
> --------------------------------------------------------
>
>                 Key: MESOS-7401
>                 URL: https://issues.apache.org/jira/browse/MESOS-7401
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
>
> {{libprocess}} does no validation of the peer UPID so in some deployments it is trivial
to inject bogus messages and impersonate legitimate actors. If we add a check to verify that
messages are received from the same IP address as the peer UPID claims to be using, we can
increase the difficulty of UPID spoofing, and mitigate this somewhat.
> For compatibility, this has to be an optional setting and disabled by default.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message